Wireshark Tutorial for Beginners - Filters

Hey guys, Hackloit here back again with another video and welcome to your fourth Wireshark tutorial for beginners. Now, in this tutorial, I'm going to be showing you uh the two different types of filters. So, basically, a filter is uh a tool that will allow you to basically fine-tune your search for packets and data that you've scanned or are scanning. So, uh let me just use my Wi-Fi card here and let it scan for some data and I'll explain as we go. So I'm just going to stop it there. Now basically a filter will allow me to fine-tune to pick specifically what I want from these packets. So for example um we have as I mentioned earlier we have two types of filters. We have a display filter which is right here and we have a capture filter. Now a capture filter lies here. This is the capture filter that is specific to the network interface card that you are using. But let's start first with the display filter. So, I've stopped scanning and let's say we want to find a specific packet out of all that we've just scanned. A display feature uh filter is basically a filter that uh it will give you the packets that you want to see or you're looking for, not the packets that you want to scan for. So, uh let's try uh HTTP and it's going to give us all the HTTP packets. So, as you can see, we really don't have any HTTP packets. Let's try something else. So, I'm going to use DNS. And as you can see here, we have some DNS uh servers that want connecting to Facebook. And yeah, that's pretty much uh how to use the display filter to your advantage. Now, as I mentioned, uh there are a lot of filters that you can use and some of them are here. As you can see, these are the most uh popular filters. We have Ethernet address, uh IPv4, IPv6, uh you have TCP, UDP, uh nonDNS. So, it'll scan for nonDNS um uh uh packets of data. And here they are. And you can just apply it. And if you're once you're done looking for uh once you're done uh basically using your display filter, you can just hit uh the X button there or the stop button and you'll be good right here. Uh now, the next thing I want to show you is expression. Now, expression gives you all the different types of filters that you can apply with um with basically with uh with capture more advanced capture options. Some that may not exist over here and the most commonly used. So, I'm going to give you an example. Uh let's say we're looking for HTTP packets, but only HTTP get packets, not not post. Uh so, let's try that. HTTP this is the uh basically the filter that I'm going to use and I already made some here. So we have htt http request do method get. So I'm going to type that in. And again we don't have any http get. So let's try post post. And let's close that. And still nothing. That's basically how you can fine-tune what packets you want to uh what you want to see from the packets you already scanned. Now when we go on to the capture filter, a capture filter is the packets that you want to scan. Like let's say you want to scan only for HTTP. Uh you'll only it'll only scan for HTTP. So as you can see here if I go into the most common ones. So let's see HTTP TCP port HTTP and it'll start capturing from there and then we can stop it and uh so on and so forth. So that's basically the the types of uh filters that you can use in Wireshark and how you can use them to fine-tune uh your results on packets or what you want to see from the packets you've just captured. So yeah guys, that's pretty much it. Pretty much it. Thanks for watching this video. If you enjoyed it, leave a like and yeah, peace.